[ic] PCI Compliance
IC Support
ic_support at mnwebdesign.com
Thu Jul 15 17:43:22 UTC 2010
Ky Hisberg <kyhis2005 at yahoo.com> said:
>>I have tried many combinations, but my apache 1.3.41 config needed this to
>>pass PCI compliance:
>>
>>SSLProtocol -ALL +TLSv1 +SSLv3
>>SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!EXPORT:!MEDIUM:!LOW
>>
>>
>>Thanks everyone!
>
>I also had to use the lines above just like Curt. In addition I had
overlooked that in >the last complaint the port was different (443 was
droped and 465 was the only one mentioned) which turns out to be a mail
port so I think Grants suggestion about the Cipher in Postfix sounds
logical. I hope that's it and we can finally get the certification. Thank
you for everybodys input.
>
>Kyle
Since you mention your mail port, I use Dovecot for my mail server and
believe I had to add this line to my dovecot.conf to pass compliance:
ssl_cipher_list = HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
Your mail server may need similar configuration.
Good luck!
Curt
More information about the interchange-users
mailing list